A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

Cybercrime against critical infrastructures such as nuclear reactors, power plants, and dams has been increasing in frequency severity. Recent literature regarding these types of attacks extensive but due to the sensitive nature this field, there is very little empirical data. We address issues by integrating Routine Activity Theory Rational Choice Theory, we create a classification tool called TRACI (Taxonomy for Risk Assessment Cyberattacks on Critical Infrastructure). take Design Science Research approach develop, evaluate, refine proposed artifact. use mixed methods demonstrate that our taxonomy can successfully capture characteristics various cyberattacks infrastructure. consists three dimensions, each dimension contains its own subdimensions. The first comprises hacker motivation, which be financial, socio-cultural, thrill-seeking, and/or economic. second represents assets cyber, physical, cyber-physical components. third related threats, vulnerabilities, controls are fundamental establishing maintaining an information security posture overall cyber resilience. Our work among utilize criminological theories empirically validated artifact improving infrastructure risk management.